[ALSA-2021:4381] Moderate: GNOME security, bug fix, and enhancement update
Type:
security
Severity:
moderate
Release date:
2021-11-12
Description:
GNOME is the default desktop environment of AlmaLinux. The following packages have been upgraded to a later upstream version: gdm (40.0), webkit2gtk3 (2.32.3). (BZ#1909300) Security Fix(es): * webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution (CVE-2020-13558) * LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-1788) * webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789) * webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799) * webkitgtk: IFrame sandboxing policy violation (CVE-2021-1801) * webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870) * webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1871) * webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and possibly code execution (CVE-2021-21775) * webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code execution (CVE-2021-21779) * webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806) * webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663) * webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665) * webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682) * webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689) * webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734) * webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack (CVE-2021-30744) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30749) * webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758) * webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2021-30795) * webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797) * webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30799) * webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (CVE-2020-36241) * gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the AlmaLinux Release Notes linked from the References section.
Updated packages:
  • gnome-online-accounts-devel-3.28.2-3.el8.x86_64.rpm
  • gnome-shell-extension-updates-dialog-3.32.1-20.el8.noarch.rpm
  • webkit2gtk3-jsc-2.32.3-2.el8.i686.rpm
  • LibRaw-0.19.5-3.el8.i686.rpm
  • gnome-shell-extension-native-window-placement-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-drive-menu-3.32.1-20.el8.noarch.rpm
  • accountsservice-libs-0.6.55-2.el8.x86_64.rpm
  • gtk3-devel-3.22.30-8.el8.i686.rpm
  • gnome-shell-extension-panel-favorites-3.32.1-20.el8.noarch.rpm
  • webkit2gtk3-devel-2.32.3-2.el8.x86_64.rpm
  • gnome-session-3.28.1-13.el8.x86_64.rpm
  • gnome-shell-extension-dash-to-dock-3.32.1-20.el8.noarch.rpm
  • webkit2gtk3-2.32.3-2.el8.x86_64.rpm
  • gnome-shell-extension-no-hot-corner-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-apps-menu-3.32.1-20.el8.noarch.rpm
  • gnome-classic-session-3.32.1-20.el8.noarch.rpm
  • gnome-online-accounts-3.28.2-3.el8.x86_64.rpm
  • gtk3-3.22.30-8.el8.x86_64.rpm
  • gnome-shell-extension-launch-new-instance-3.32.1-20.el8.noarch.rpm
  • gtk-update-icon-cache-3.22.30-8.el8.x86_64.rpm
  • gnome-shell-extension-systemMonitor-3.32.1-20.el8.noarch.rpm
  • gtk3-3.22.30-8.el8.i686.rpm
  • accountsservice-0.6.55-2.el8.x86_64.rpm
  • webkit2gtk3-devel-2.32.3-2.el8.i686.rpm
  • gnome-shell-3.32.2-40.el8.x86_64.rpm
  • webkit2gtk3-jsc-devel-2.32.3-2.el8.i686.rpm
  • gnome-session-wayland-session-3.28.1-13.el8.x86_64.rpm
  • vino-3.22.0-11.el8.x86_64.rpm
  • gnome-shell-extension-gesture-inhibitor-3.32.1-20.el8.noarch.rpm
  • gnome-settings-daemon-3.32.0-16.el8.alma.x86_64.rpm
  • webkit2gtk3-jsc-devel-2.32.3-2.el8.x86_64.rpm
  • gnome-shell-extension-top-icons-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-disable-screenshield-3.32.1-20.el8.noarch.rpm
  • gnome-online-accounts-3.28.2-3.el8.i686.rpm
  • gnome-control-center-filesystem-3.28.2-28.el8.noarch.rpm
  • gnome-shell-extension-common-3.32.1-20.el8.noarch.rpm
  • LibRaw-0.19.5-3.el8.x86_64.rpm
  • gsettings-desktop-schemas-3.32.0-6.el8.i686.rpm
  • accountsservice-libs-0.6.55-2.el8.i686.rpm
  • gnome-shell-extension-window-grouper-3.32.1-20.el8.noarch.rpm
  • LibRaw-devel-0.19.5-3.el8.x86_64.rpm
  • gdm-40.0-15.el8.x86_64.rpm
  • gnome-autoar-0.2.3-2.el8.x86_64.rpm
  • gsettings-desktop-schemas-devel-3.32.0-6.el8.i686.rpm
  • webkit2gtk3-jsc-2.32.3-2.el8.x86_64.rpm
  • mutter-3.32.2-60.el8.x86_64.rpm
  • gnome-shell-extension-desktop-icons-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-horizontal-workspaces-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-window-list-3.32.1-20.el8.noarch.rpm
  • gnome-control-center-3.28.2-28.el8.x86_64.rpm
  • gnome-shell-extension-workspace-indicator-3.32.1-20.el8.noarch.rpm
  • gnome-calculator-3.28.2-2.el8.x86_64.rpm
  • gsettings-desktop-schemas-devel-3.32.0-6.el8.x86_64.rpm
  • gtk3-immodule-xim-3.22.30-8.el8.x86_64.rpm
  • gnome-session-xsession-3.28.1-13.el8.x86_64.rpm
  • gnome-online-accounts-devel-3.28.2-3.el8.i686.rpm
  • webkit2gtk3-2.32.3-2.el8.i686.rpm
  • mutter-3.32.2-60.el8.i686.rpm
  • gnome-shell-extension-screenshot-window-sizer-3.32.1-20.el8.noarch.rpm
  • gnome-software-3.36.1-10.el8.x86_64.rpm
  • gtk3-devel-3.22.30-8.el8.x86_64.rpm
  • gnome-shell-extension-windowsNavigator-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-auto-move-windows-3.32.1-20.el8.noarch.rpm
  • gnome-session-kiosk-session-3.28.1-13.el8.x86_64.rpm
  • gnome-autoar-0.2.3-2.el8.i686.rpm
  • gnome-shell-extension-places-menu-3.32.1-20.el8.noarch.rpm
  • gnome-shell-extension-user-theme-3.32.1-20.el8.noarch.rpm
  • gdm-40.0-15.el8.i686.rpm
  • gnome-software-3.36.1-10.el8.i686.rpm
  • LibRaw-devel-0.19.5-3.el8.i686.rpm
  • accountsservice-devel-0.6.55-2.el8.x86_64.rpm
  • mutter-devel-3.32.2-60.el8.i686.rpm
  • gnome-software-devel-3.36.1-10.el8.i686.rpm
  • gnome-software-devel-3.36.1-10.el8.x86_64.rpm
  • mutter-devel-3.32.2-60.el8.x86_64.rpm
  • accountsservice-devel-0.6.55-2.el8.i686.rpm
  • gnome-autoar-0.2.3-2.el8.aarch64.rpm
  • gsettings-desktop-schemas-3.32.0-6.el8.aarch64.rpm
  • gnome-software-devel-3.36.1-10.el8.aarch64.rpm
  • gnome-settings-daemon-3.32.0-16.el8.alma.aarch64.rpm
  • gnome-online-accounts-3.28.2-3.el8.aarch64.rpm
  • gnome-online-accounts-devel-3.28.2-3.el8.aarch64.rpm
  • gnome-calculator-3.28.2-2.el8.aarch64.rpm
  • gsettings-desktop-schemas-devel-3.32.0-6.el8.aarch64.rpm
  • gnome-software-3.36.1-10.el8.aarch64.rpm
  • vino-3.22.0-11.el8.aarch64.rpm
  • gnome-autoar-0.2.3-2.el8.ppc64le.rpm
  • LibRaw-devel-0.19.5-3.el8.ppc64le.rpm
  • gsettings-desktop-schemas-3.32.0-6.el8.ppc64le.rpm
  • LibRaw-0.19.5-3.el8.ppc64le.rpm
  • gnome-software-devel-3.36.1-10.el8.ppc64le.rpm
  • gnome-online-accounts-3.28.2-3.el8.ppc64le.rpm
  • gnome-settings-daemon-3.32.0-16.el8.alma.ppc64le.rpm
  • vino-3.22.0-11.el8.ppc64le.rpm
  • gsettings-desktop-schemas-devel-3.32.0-6.el8.ppc64le.rpm
  • gnome-online-accounts-devel-3.28.2-3.el8.ppc64le.rpm
  • gnome-calculator-3.28.2-2.el8.ppc64le.rpm
  • gnome-software-3.36.1-10.el8.ppc64le.rpm
Notes:
This page is generated automatically from Red Hat security data and has not been checked for errors. For clarification or corrections please contact the AlmaLinux Packaging Team.